How is Compliance score percentage calculated in Policy statement or in profiles.

Taranveer Vij · ‎08-06-2018

How is Compliance Score Percentage calculated in Policy statement or in Profile (profile scoping).

Jan Spurlin · ‎08-09-2018

And for a final follow-up - here are details about how the compliance score percentage is calculated when a Policy statement has children.

There are multiple steps to this one.

Step 1 - Calculate the score of the main policy statement assuming there are no children - this is the same way described previously.

If all controls are of the same weight
1. Count the number of controls that are either compliant or non-compliant for a total # of controls. (Example: Total of 20 controls that are either compliant or non-compliant).
2. - Controls that are in Draft or that have a status of Not Applicable are not included in this calculation.
3. Count the number of controls that are compliant.
4. - Example: 15 of the controls are compliant.
5. Divide the # of compliant controls by the total number of controls. (Example: 15/20 = .75 * 100 = 75%)
If the controls are of different weights
- Do the same thing, except instead of counting the controls - count the weight of the controls.

Step 2 - Look at the compliance scores of all the children and take an average.

Example - there are 4 child Policy Statements. Their scores are: 74, 88, 100 and 85.
The average of these 4 is 87

Step 3 - Add the average score of the children to the value from step 1 (the main policy statement). Divide by 2. This is the compliance score of the policy statement including it's children.

Example: 75 + 87 = 162
162 / 2 = 81
In this example - the compliance score for the main Policy statement is 81.

View solution in original post

Taranveer Vij · ‎08-07-2018

Thank you, I will check this.

Jan Spurlin · ‎08-09-2018

And for a final follow-up - here are details about how the compliance score percentage is calculated when a Policy statement has children.

There are multiple steps to this one.

Step 1 - Calculate the score of the main policy statement assuming there are no children - this is the same way described previously.

If all controls are of the same weight
1. Count the number of controls that are either compliant or non-compliant for a total # of controls. (Example: Total of 20 controls that are either compliant or non-compliant).
2. - Controls that are in Draft or that have a status of Not Applicable are not included in this calculation.
3. Count the number of controls that are compliant.
4. - Example: 15 of the controls are compliant.
5. Divide the # of compliant controls by the total number of controls. (Example: 15/20 = .75 * 100 = 75%)
If the controls are of different weights
- Do the same thing, except instead of counting the controls - count the weight of the controls.

Step 2 - Look at the compliance scores of all the children and take an average.

Example - there are 4 child Policy Statements. Their scores are: 74, 88, 100 and 85.
The average of these 4 is 87

Step 3 - Add the average score of the children to the value from step 1 (the main policy statement). Divide by 2. This is the compliance score of the policy statement including it's children.

Example: 75 + 87 = 162
162 / 2 = 81
In this example - the compliance score for the main Policy statement is 81.

Filip Laznicka · ‎01-23-2020

Hi Jan,

do you know how it is calulated for Entities? (New York release)

Thanks,

Jan Spurlin · ‎12-02-2024

Wow - NY is a long, long time ago and no longer supported by ServiceNow. I think this was true back then; but you should probably run a test and try it out.

Humshain Ahmed · ‎11-28-2024

can we change this matrix in the system is it possible? And where can i check these formulas/calculations on the Instance?